An archive reportedly containing the hashed passwords of more than six million LinkedIn accounts is circulating online. LinkedIn says it is still investigating the claims, but if you use LinkedIn, you may want to take a moment and change your… Read More »
The alleged ringleader of a Romanian hacker gang accused of breaking into and stealing payment card data from hundreds of Subway restaurants made news late last month when he was extradited to face charges in the United States. But perhaps the more interesting story is how his two alleged accomplices happened to have come to this country willingly: They were lured here by undercover U.S. Secret Service agents who promised to shower the men with love and riches.
An attack late last week that compromised the personal and business Gmail accounts of Matthew Prince, chief executive of Web content delivery system CloudFlare, revealed a subtle but dangerous security flaw in the 2-factor authentication process used in Google Apps for business customers. Google has since fixed the glitch, but the incident offers a timely reminder that two-factor authentication schemes are only as secure as their weakest component.
In a blog post on Friday, Prince wrote about a complicated attack in which miscreants were able to access a customer’s account on CloudFlare and change the customer’s DNS records. The attack succeeded, Prince said, in part because the perpetrators exploited a weakness in Google’s account recovery process to hijack his CloudFlare.com email address, which runs on Google Apps
Microsoft has issued a security update to block an avenue of attack first seen in “Flame,” a sophisticated new malware strain that many experts believe was designed to steal data specifically from computers in Iran and the Middle East.
According to Microsoft, Flame tries to blend in with legitimate Microsoft applications by cloaking itself with an older cryptography algorithm that Microsoft used to digitally sign programs.
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. It’s too bad the committee has already finalized its witness list: It likely would be shocked to hear the story of Tennessee Electric Company Inc., a firm that lost $328,000 earlier this month in an account takeover that defeated multiple security measures commonly used by commercial banks to stop cyber thieves.
The Obama administration will hold a public meeting at the White House on Wednesday to discuss industry and government efforts to combat botnet activity. Among them is a pilot program to share information about botnet victims between banks and Internet service providers, according to sources familiar with the event.
A recent breach at billing and support software provider WHMCS that exposed a half million customer usernames, passwords — and in some cases credit cards — may turn out to be least of the company’s worries. According to information obtained by KrebsOnSecurity.com, for the past four months hackers have been selling an exclusive zero-day flaw that they claim lets intruders break into Web hosting firms that rely on the software.
Google plans today to begin warning Internet users if their computers show telltale signs of being infected with the DNSChanger Trojan. The company estimates that more than 500,000 systems remain infected with the malware, despite a looming deadline that threatens… Read More »
The Wikimedia Foundation last week warned that readers who are seeing ads on Wikipedia articles are likely using a Web browser that has been infected with malware. The warning points to an apparent resurgence in adware and spyware that is being delivered via cleverly disguised browser extensions and plugins that are bundled with other software or foisted in social engineering schemes.
The data breach at Atlanta-based credit and debit card processor Global Payments just keeps getting bigger. Earlier this month, I reported that Visa and MasterCard were alerting banks that the breach extended back to June 2011. Now it appears the… Read More »
